Tom
I have an action extension script that tests the variable $family to determine
if IPv4 or IPv6 is being used.
The script worked with shorewall(6) 4.4.19. I believe it stopped working
shorewall(6) 4.4.20 Beta4.
I now get the following messages:
Compiling /etc/shorewall1/action.Extns for chain %Extns...
Use of uninitialized value $Shorewall::Rules::family in numeric eq (==) at
(eval 9) line 28, <$currentfile> line 18.
Is there anything I need to do to be able reference $family within the script.
I have attached a copy of the script.
Thanks.
Steven.
use Shorewall::Chains;
use feature 'say';
our $family;
#@params = split( /,/, $tag ), $tag='' unless @params;
fatal_error 'Extns rules must include <action>,<extension>,<prameters> as the
log tag or params' unless @params >= 3;
my ( $module, $comp, $hl, $ttl, $len, $name, $set, @lens, $xchainref );
my $rule = '';
my $count = 1;
my $action = $params[0];
fatal_error "Invalid action $action" unless $action eq 'ACCEPT' || $action eq
'DROP' || $action eq 'REJECT' || $action eq 'LOG';
fatal_error "LOG requires a log level" if $action eq 'LOG' && $level eq 'none';
$action = 'reject' if $action eq 'REJECT';
if ( $action ne 'LOG' && $level ne 'none' ) {
$xchainref = new_chain 'filter' , "$chainref->{name}%";
log_rule_limit $level, $xchainref, $chainref->{name}, $action, '', $tag,
'add', '';
add_rule $xchainref, "-j $action";
}
while ( $count < @params ) {
$module = $params[$count];
if ( $module eq 'ttl' ) {
fatal_error "Extns ttl is not available in shorewall6. Use hl" unless
$family == F_IPV4;
fatal_error "Extns ttl requires 2 parameters" unless @params >= $count
+ 3;
$comp = $params[$count+1];
fatal_error "Invalid ttl comparitor $comp" unless $comp eq 'eq' ||
$comp eq 'ne' || $comp eq 'lt' || $comp eq 'gt';
$ttl = $params[$count+2];
fatal_error "Invalid ttl value $ttl" unless $ttl =~ /^\d+$/;
fatal_error "Invalid ttl value $ttl" unless $ttl <= 255;
if ( $comp eq 'ne' ) {
$rule = "$rule -m ttl ! --ttl-eq $ttl";
} else {
$rule = "$rule -m ttl --ttl-$comp $ttl";
}
$count = $count + 3;
next;
}
if ( $module eq 'hl' ) {
fatal_error "Extns hl is only available in shorewall6. Use ttl" unless
$family == F_IPV6;
fatal_error "Extns hl requires 2 parameters" unless @params >= $count
+ 3;
$comp = $params[$count+1];
fatal_error "Invalid hl comparitor $comp" unless $comp eq 'eq' || $comp
eq 'ne' || $comp eq 'lt' || $comp eq 'gt';
$hl = $params[$count+2];
fatal_error "Invalid hl value $hl" unless $hl =~ /^\d+$/;
fatal_error "Invalid hl value $hl" unless $hl <= 255;
if ( $comp eq 'ne' ) {
$rule = "$rule -m hl ! --hl-eq $hl";
} else {
$rule = "$rule -m hl --hl-$comp $hl";
}
$count = $count + 3;
next;
}
if ( $module eq 'length' ) {
fatal_error "Extns length requires 2 parameters" unless @params >=
$count + 3;
$comp = $params[$count+1];
fatal_error "Invalid length comparitor $comp" unless $comp eq 'eq' ||
$comp eq 'ne';
$len = $params[$count+2];
fatal_error "Invalid length $len" if $len =~ tr/:/:/ > 1;
@lens = split /:/, $len;
if ( @lens > 0 ) {
if ( $lens[0] ne '' ) {
fatal_error "Invalid length $len" unless $lens[0] =~ /^\d+$/;
} else {
$lens[0] = 0;
}
}
if ( @lens == 2 ) {
if ( $lens[1] ne '' ) {
fatal_error "Invalid length $len" unless $lens[1] =~ /^\d+$/;
fatal_error "Invalid length $len" unless $lens[0] < $lens[1];
}
}
if ( $comp eq 'ne' ) {
$rule = "$rule -m $module ! --$module $len";
} else {
$rule = "$rule -m $module --$module $len";
}
$count = $count + 3;
next;
}
if ( $module eq 'condition' ) {
fatal_error "Extension condition requires 2 parameters" unless @params
>= $count + 3;
$name = $params[$count+1];
$set = $params[$count+2];
fatal_error "Invalid condition value $set" unless $set eq 0 || $set eq
1;
if ( $set eq 0 ) {
$rule = "$rule -m $module ! --$module $name";
} else {
$rule = "$rule -m $module --$module $name";
}
$count = $count + 3;
next;
}
if ( $module eq 'OR' ) {
fatal_error "Invalid use of 'OR'" if $count == 1 || $count + 1 ==
@params;
fatal_error "Invalid use of 'OR'" if $params[$count+1] eq 'OR';
if ( $level ne 'none') {
log_rule_limit $level, $chainref, $chainref->{name}, $action, '',
$tag, 'add', $rule if $action eq 'LOG';
add_jump $chainref, $xchainref, 0, "$rule " unless $action eq 'LOG';
} else {
add_rule $chainref, "$rule -j $action";
}
$rule = '';
$count = $count + 1;
next;
}
fatal_error "Unknown extension $module";
}
if ( $level ne 'none') {
log_rule_limit $level, $chainref, $chainref->{name}, $action, '', $tag,
'add', $rule if $action eq 'LOG';
add_jump $chainref, $xchainref, 0, "$rule " unless $action eq 'LOG';
} else {
add_rule $chainref, "$rule -j $action";
}
1;
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery,
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
